Senior Compliance Analyst

Career Growth, Flexibility and Collaboration!

Entrust is dedicated to keeping the world moving safely by enabling trusted identities, payments, and data protection around the globe. Headquartered in Minnesota, we offer our colleagues the ability to work globally, in a flexible and collaborative environment. Our team makes an impact!!

The Company: Entrust relies on curious, dedicated and innovative individuals whom anticipate the future and provide solutions for a more connected, mobile and secure world. Entrust’s technologies and expertise help government agencies, enterprises and financial institutions in more than 150 countries serve and safeguard citizens, employees and consumers.

We Believe: Securing identities is most effective when we value all identities. We are committed to ensuring that, through diversity and inclusion, the many voices that make up our communities are heard. From unconscious bias training for managers to global affinity groups that create connections both within and across our enterprise, Entrust expects and encourages all individuals to accept and respect one another. And, of course, to be themselves.

We are seeking a talented Sr Security Compliance Analyst to join our Information Security Governance, Risk, and Compliance team to perform IT and cybersecurity control testing and evaluate risks against Entrust systems, applications, processes, and environments. As a direct report to the Senior Risk Manager, this important position will provide consistency and expertise to the IT and cybersecurity control testing and risk evaluation functions ensuring compliance with Information Security policies and standards.

Responsibilities

• Conduct IT and cybersecurity control testing and risk evaluation for technology systems, applications, processes, and environments against ISO/IEC 2700 series and NIST Cybersecurity Framework (CSF) standard requirements.
• Evaluate design, implementation and effectiveness of existing IT and cybersecurity controls, document an deviations/gaps and recommend improvements.
• Support the design and implementation of automated control validation to enable ongoing/continuous monitoring of controls.
• Periodically re-test security control after risk mitigation or risk acceptance.
• Develop, document, and execute control testing plans, including scope, approach, timeline, framework, detailed testing plan (documentation reviews, interviews, control assessments and testing methods)
• Collaborate with internal (Compliance and Audit) and cross-functional (Privacy, ERM, Legal) teams to identify, prioritize risk and track risks.
• Prepare control testing and risk assessment reports, document control deviations, and
• communicate results to stakeholders.
• Assist in developing risk mitigation strategies and action plans to resolve control deficiencies.
• Ensure security policies and standards are properly aligned to our control inventory.
• Stay informed about industry trends, emerging threats, and best practices.
  
  

Basic Qualifications

• 5+ years of experience in technology risk assessment, control testing, or related roles.
• Audit, compliance and technology risk management background.
• Experience with at least one of the following: ISO 27001/2, NIST, PCI, FedRAMP, WebTrust InfoSec Audit
• Knowledge and understanding of Information Security concepts (threats, vulnerabilities, controls, countermeasures, risk management, etc.) and related Information Security technologies such as: Risk Management Frameworks
  
  

Security Event & Information Management Systems

Identity and Access Management Systems

Single Sign-On and Two-factor authentication

Firewalls, Content Filtering

Anti-Virus software, Intrusion Detection/Prevention, Vulnerability Assessment software

• Strong communication skills and the ability to work in a multi-disciplined environment.
• Strong problem-solving skills combined with the ability to work on multiple concurrent tasks.
• Must be able to lawfully work within the US and have unrestricted work authorization for US.
  
  

Preferred Qualifications

• Bachelor’s degree in a related field
• 2-3 yrs experience performing control validation/testing/consulting with a large professional services firm.
• One or more relevant professional certifications (e.g. CISSP, CISM, CISA, SSCP, CEH, CRISC, etc)
• Experience implementing ISO 27001/2 and/or extensive audit experience.
• Experience with risk quantification methodologies (e.g. FAIR)
• Project Management experience
  
  

For US Roles, Or Where Applicable

Entrust is an EEO/AA/Disabled/Veterans Employer

For Canadian Roles, Or Where Applicable

Entrust values diversity and inclusion and we are committed to building a diverse workforce with wide perspectives and innovative ideas. We welcome applications from qualified individuals of all backgrounds, and we strive to provide an accessible experience for candidates of all abilities.

If you require an accommodation, contact accessibility@entrust.com.

Recruiter

Steve Donahue

Steve.Donahue@entrust.com